Christian Weichel

Next step IMHO is to connect the `protected_secrets` workspace feature flag to ConfigCat and roll this out slowly.

We should generalise a tad and move to "[workspace classes](https://www.notion.so/gitpod/Workspace-Classes-0415b078f6434922a2c6f46718d5c670)"

How can we have invalid config considering the installer reuses the same config struct that the public-api-server uses?

[`run-gp`](https://github.com/gitpod-io/run-gp) almost provides that - we'd just need to disable the IDE and port forwarding, and add a good means for getting feedback from the tasks. Built a prototype using...

Introducing chunk dependencies would mean we'd need to ship that information on the images somehow, so that we can support combinations without the `dazzle.yaml` in the future. Not a problem,...

> it assumes the dependencies will all be pulled in while the dazzle.yaml is available We will need to be able to build dazzle images from the chunks alone, in...

Can I help somehow? What information is needed/could we provide that would help things along? This issue is currently blocking our adoption of buildkit.

I hit this issue when pushing a manifest to `gcr.io`. The first request to `/v2/repo/registry/image/manifests/...` comes back with `401 Unauthorized`. This triggers the authentication retry behaviour https://github.com/containerd/containerd/blob/5162238c7da04d6bdd771d0aa43f8e34c91ea2ca/remotes/docker/resolver.go#L600-L604 which causes a...

They do the same thing indeed. Which one would you prefer: `werft run` or `werft job run`?

I think we'll want to introduce a dry-run to server. Most of the validation happens at runtime by the plugins. Validating strict fit into structures won't result in what you'd...